AWS Updates Its DDoS Partner Testing Policy
April 17, 2024
DDoS simulation testing must be performed by an AWS Partner Network (APN) Partner that has been pre-approved by AWS to conduct DDoS simulation tests (AWS DDoS Test Partner).
Key points to keep in mind:
- The target of the DDoS simulation test must be either registered as a Protected Resource in an AWS account you own that is subscribed to AWS Shield Advanced or an Amazon API Gateway edge-optimized API endpoint that resides in an account you own subscribed to AWS Shield Advanced.
- The bit volume of the DDoS simulation test may not exceed 20 gigabits per second.
- The packet volume of the DDoS simulation test may not exceed 5 million packets per second when testing an Amazon CloudFront distribution and may not exceed 50,000 packets per second when testing any other type of AWS resource.
- The request volume of the DDoS simulation test may not exceed 50,000 requests per second.
- The DDoS simulation test may not originate from an AWS resource and may not use an AWS resource in an attempt to simulate an amplification attack.